Biblio

Cybersecurity is without doubt becoming a societal challenge. It even starts to affect sectors that were not considered to be at risk in the past because of their relative isolation. One of these sectors is aviation in general, and specifically air traffic management. Nowadays, the cyber security is one of the essential issues of current Air Traffic Systems. Compliance with the basic principles of cyber security is mandated by European Union law as well as the national law. Therefore, EUROCONTROL as the provider of several tools or services (ARTAS, EAD, SDDS, etc.), is regularly conducting various activities, such as the cyber-security assessments, penetration testing, supply chain risk assessment, in order to maintain and improve persistence of the products against the cyber-attacks.

The full integration of Remotely Piloted Aircraft Systems (RPAS) in non-segregated airspace is one of the major objectives for the worldwide aviation organizations and authorities. However, there are several technological and regulatory issues due to the increase of the air traffic in the next years and to the need of keeping high safety levels. In this framework, a real-time validation environment capable to simulate complex scenarios related to future air traffic management (ATM) conditions is of paramount importance. These facilities allow detailed testing and tuning of new technologies and procedures before executing flight tests. With such motivations, the Italian Aerospace Research Centre has developed the Integrated Simulation Facility (ISF) able to accurately reproduce ATM complex scenarios in real-time with hardware and human in-the-loop simulations, aiming to validate new ATM procedures and innovative system prototypes for RPAS and General Aviation aircraft. In the present work, the ISF facility has been used for reproducing relevant ATM scenarios to validate the functionalities of a Detect and Avoid system (DAA). The results of the ISF test campaign demonstrate the effectiveness of the developed algorithm in the autonomous resolution of mid-air collisions in presence of both air traffic and fixed obstacles (i.e. bad weather areas, no-fly-zone and terrain) and during critical flight phases, thus exceeding the current DAA state-of-the-art.

Current FAA strategic objectives include a migration to Trajectory Based Operations (TBO) with the integration of time-based management data and tools to increase efficiencies and reduce operating costs within the National Airspace System (NAS). Under TBO, integration across various FAA systems will take on greater importance than ever. To ensure the security of this integration without impacting data and tool availability, the FAA should consider adopting a Zero Trust Framework (ZTF) into the NAS.ZTF was founded on the belief that strong boundary security protections alone (traditionally referred to as the castle-moat approach) were no longer adequate to protecting critical data from outside threats and, with ever-evolving threat sophistication, contamination within a network perimeter is assumed to already exist (see Figure 1).To address this, theorists developed a framework where trust is controlled and applied to all internal network devices, users, and applications in what was termed a "Never Trust; Always Verify" approach to distinguish the authorized from the unauthorized elements wanting to access network data.To secure achievement of TBO objectives and add defensive depth to counter potential insider threats, the FAA must consider implementing a hybrid approach to the ZTF theory. This would include continued use of existing boundary protections provided by the FAA Telecommunications Infrastructure (FTI) network, with the additional strength afforded by the application of ZTF, in what is called the NAS Zero Trust eXtended (ZTX) platform.This paper discusses a proposal to implement a hybrid ZTX approach to securing TBO infrastructure and applications in the NAS.

The National Airspace System (NAS), as a portion of the US' transportation system, has not yet begun to model or adopt integration of Artificial Intelligence (AI) technology. However, users of the NAS, i.e., Air transport operators, UAS operators, etc. are beginning to use this technology throughout their operations. At issue within the broader aviation marketplace, is the continued search for a solution set to the persistent daily delays and schedule perturbations that occur within the NAS. Despite billions invested through the NAS Modernization Program, the delays persist in the face of reduced demand for commercial routings. Every delay represents an economic loss to commercial transport operators, passengers, freighters, and any business depending on the transportation performance. Therefore, the FAA needs to begin to address from an advanced concepts perspective, what this wave of new technology will affect as it is brought to bear on various operations performance parameters, including safety, security, efficiency, and resiliency solution sets. This paper is the first in a series of papers we are developing to explore the application of AI in the National Airspace System (NAS). This first paper is meant to get everyone in the aviation community on the same page, a primer if you will, to start the technical discussions. This paper will define AI; the capabilities associated with AI; current use cases within the aviation ecosystem; and how to prepare for insertion of AI in the NAS. The next series of papers will look at NAS Operations Theory utilizing AI capabilities and eventually leading to a future intelligent NAS (iNAS) environment.

The term "Cyber Physical System" (CPS) has been used in the recent years to describe a system type, which makes use of powerful communication networks to functionally combine systems that were previously thought of as independent. The common theme of CPSs is that through communication, CPSs can make decisions together and achieve common goals. Yet, in contrast to traditional system types such as embedded systems, the functional dependence between CPSs can change dynamically at runtime. Hence, their functional dependence may cause unforeseen runtime behavior, e.g., when a CPS becomes unavailable, but others depend on its correct operation. During development of any individual CPS, this runtime behavior must hence be predicted, and the system must be developed with the appropriate level of robustness. Since at present, research is mainly concerned with the impact of functional dependence in CPS on development, the impact on runtime behavior is mere conjecture. In this paper, we present AirborneCPS, a simulation tool for functionally dependent CPSs which simulates runtime behavior and aids in the identification of undesired functional interaction.

Millions of small Unmanned Aircraft System (sUAS) aircraft of various shapes and capabilities will soon fly at low altitudes in urban environments for ambitious applications. It is critical to ensure these remotely piloted aircraft fly safely, predictably, and efficiently in this challenging airspace, without endangering themselves and other occupants sharing that airspace or in proximity. Concepts, technologies, processes, and policies to solve this hard problem of UAS Traffic Management (UTM) are being explored. But, cyber security considerations are largely missing. This paper bridges this gap and addresses UTM cyber security needs and issues. It contributes a comprehensive framework to understand, identify, classify, and assess security threats to UTM, including those resulting from sUAS vulnerabilities. Promising threat mitigations, major challenges, and research directions are discussed to secure UTM.

Critical information systems strongly rely on event logging techniques to collect data, such as housekeeping/error events, execution traces and dumps of variables, into unstructured text logs. Event logs are the primary source to gain actionable intelligence from production systems. In spite of the recognized importance, system/application logs remain quite underutilized in security analytics when compared to conventional and structured data sources, such as audit traces, network flows and intrusion detection logs. This paper proposes a method to measure the occurrence of interesting activity (i.e., entries that should be followed up by analysts) within textual and heterogeneous runtime log streams. We use an entropy-based approach, which makes no assumptions on the structure of underlying log entries. Measurements have been done in a real-world Air Traffic Control information system through a data analytics framework. Experiments suggest that our entropy-based method represents a valuable complement to security analytics solutions.

Multilateration techniques have been proposed to verify the integrity of unprotected location claims in wireless localization systems. A common assumption is that the adversary is equipped with only a single device from which it transmits location spoofing signals. In this paper, we consider a more advanced model where the attacker is equipped with multiple devices and performs a geographically distributed coordinated attack on the multilateration system. The feasibility of a distributed multi-device attack is demonstrated experimentally with a self-developed attack implementation based on multiple COTS software-defined radio (SDR) devices. We launch an attack against the OpenSky Network, an air traffic surveillance system that implements a time-difference-of-arrival (TDoA) multi-lateration method for aircraft localization based on ADS-B signals. Our experiments show that the timing errors for distributed spoofed signals are indistinguishable from the multilateration errors of legitimate aircraft signals, indicating that the threat of multi-device spoofing attacks is real in this and other similar systems. In the second part of this work, we investigate physical-layer features that could be used to detect multi-device attacks. We show that the frequency offset and transient phase noise of the attacker's radio devices can be exploited to discriminate between a received signal that has been transmitted by a single (legitimate) transponder or by multiple (malicious) spoofing sources. Based on that, we devise a multi-device spoofing detection system that achieves zero false positives and a false negative rate below 1%.

Attacks on airport information network services in the form of Denial of Service (DoS), Distributed DoS (DDoS), and hijacking are the most effective schemes mostly explored by cyber terrorists in the aviation industry running Mission Critical Services (MCSs). This work presents a case for Airport Information Resource Management Systems (AIRMS) which is a cloud based platform proposed for the Nigerian aviation industry. Granting that AIRMS is susceptible to DoS attacks, there is need to develop a robust counter security network model aimed at pre-empting such attacks and subsequently mitigating the vulnerability in such networks. Existing works in literature regarding cyber security DoS and other schemes have not explored embedded Stateful Packet Inspection (SPI) based on OpenFlow Application Centric Infrastructure (OACI) for securing critical network assets. As such, SPI-OACI was proposed to address the challenge of Vulnerability Bandwidth Depletion DDoS Attacks (VBDDA). A characterization of the Cisco 9000 router firewall as an embedded network device with support for Virtual DDoS protection was carried out in the AIRMS threat mitigation design. Afterwards, the mitigation procedure and the initial phase of the design with Riverbed modeler software were realized. For the security Quality of Service (QoS) profiling, the system response metrics (i.e. SPI-OACI delay, throughput and utilization) in cloud based network were analyzed only for normal traffic flows. The work concludes by offering practical suggestion for securing similar enterprise management systems running on cloud infrastructure against cyber terrorists.

The need for increased surveillance due to increase in flight volume in remote or oceanic regions outside the range of traditional radar coverage has been fulfilled by the advent of space-based Automatic Dependent Surveillance — Broadcast (ADS-B) Surveillance systems. ADS-B systems have the capability of providing air traffic controllers with highly accurate real-time flight data. ADS-B is dependent on digital communications between aircraft and ground stations of the air route traffic control center (ARTCC); however these communications are not secured. Anyone with the appropriate capabilities and equipment can interrogate the signal and transmit their own false data; this is known as spoofing. The possibility of this type of attacks decreases the situational awareness of United States airspace. The purpose of this project is to design a secure transmission framework that prevents ADS-B signals from being spoofed. Three alternative methods of securing ADS-B signals are evaluated: hashing, symmetric encryption, and asymmetric encryption. Security strength of the design alternatives is determined from research. Feasibility criteria are determined by comparative analysis of alternatives. Economic implications and possible collision risk is determined from simulations that model the United State airspace over the Gulf of Mexico and part of the airspace under attack respectively. The ultimate goal of the project is to show that if ADS-B signals can be secured, the situational awareness can improve and the ARTCC can use information from this surveillance system to decrease the separation between aircraft and ultimately maximize the use of the United States airspace.